Beginner
Intermediate
Advanced

Cryptocurrency's Most Notorious Security Breaches

April 16, 2024
3 min

Cryptocurrency represents a dynamic blend of technological innovation and financial evolution, offering unique investment opportunities. However, it is not immune to vulnerabilities. From the Ronin Network incident to the sophisticated hack of the FTX exchange, cryptocurrency has witnessed some major security breaches in its relatively short history. This article explores the most notable incidents and highlights the challenges and lessons learned in protecting digital assets from cybercriminals.

​​

1. The Ronin Network Incident, 2022 | $625 Million

The Ronin Network incident of 2022 is one of the most prominent breaches in cryptocurrency history. The platform, which serves as an exchange for the popular Axie Infinity video game, suffered a security breach resulting in the loss of approximately $625 million.

Cybercriminals targeted the platform due to its ability to allow players to trade in-game tokens for other forms of cryptocurrency. In November 2021, the platform experienced a surge in users, which led to an “immense user load”. To cope with the increased demand, the company relaxed its security procedures, creating a vulnerability that attackers exploited.

The attackers vanished with the private keys needed to authenticate transactions, resulting in a critical security lapse that allowed them to transfer vast amounts of cryptocurrency to their wallets. The transfer involved 173,600 ETH and 25.5 million USDC, a stablecoin pegged to the US dollar. 

2. The Poly Network Breach, 2021 | $611 Million

The Poly Network, a protocol that facilitates the exchange of various types of cryptocurrency, went through a major security breach on August 10, 2021. Unidentified hackers exploited a weakness in the system, enabling them to transfer a massive sum of over $610 million in digital cryptocurrency into their own accounts.

The hackers announced their plans to return the tokens the day after the theft, following Poly Network’s attempt to communicate. They claimed that the purpose of the theft was to expose vulnerabilities and secure the Poly Network. They communicated with the public by embedding messages in transactions with their addresses. The hackers required multi-signature addresses for transfer. 

On August 13, the hackers returned assets worth $340 million and transferred the majority of the rest to a multi-signature address jointly controlled by them and Poly Network. The last of the hacked money was returned to Poly Network on August 25.

3. The FTX Bankruptcy, 2022 | $600 Million

In 2022, FTX, a previously major cryptocurrency exchange, was hacked during its bankruptcy proceedings, which allowed the attacker to exploit present vulnerabilities. The attack occurred late on a Friday, resulting in the withdrawal of over $600 million in digital assets from the exchange's wallets.

FTX officials have confirmed a breach and advised users to uninstall all FTX applications and avoid visiting the exchange’s website. The stolen funds were converted into various digital currencies, with the majority being converted into Ethereum. The attack was so sophisticated that it led to speculation within the cryptocurrency community about the possibility of an inside job.

Further investigations revealed that the attack was linked to a SIM swap attack. In November 2022, an attacker impersonated an employee at the company, gained access to their AT&T account, and transferred over $400 million in virtual currency out of the crypto wallets.

4. The Binance BNB Bridge Breach, 2022 | $570 Million

In 2022, Binance, a global cryptocurrency exchange, had its cross-chain bridge exploited. The breach was conducted by an unknown hacker.

The attack began on October 6, 2022, and resulted in the hacker stealing 2 million Binance Coins (BNB) from the network, worth approximately $570 million at the time. A vulnerability in the cross-chain bridge, BSC Token Hub, facilitated the breach, resulting in the creation of extra BNB tokens.

Binance temporarily suspended its blockchain network and worked with network validators to pause the creation of new blocks on the Binance Smart Chain (BSC), effectively suspending all transaction processing. The company managed to freeze $7 million in funds after pushing an update that froze the accounts. Despite these measures, the incident had a significant impact on the price of the BNB token, which dropped by 3.5% in the 24 hours following the attack.

5. The Coincheck Breach, 2018 | $547 Million

In January 2018, Coincheck, a Japan-based cryptocurrency exchange, was breached. This incident, which took place on January 26, 2018, led to the loss of around $534 million in NEM, a type of digital currency.

The breach was detected when unauthorized individuals accessed the exchange’s network and moved a substantial quantity of NEM coins from Coincheck’s hot wallet. The stolen assets were kept in a hot wallet, which is connected to the internet, unlike a cold wallet where funds are stored offline. Coincheck’s leadership acknowledged the breach and pledged to compensate its customers for their losses. However, they did not reveal the origin of the compensation funds. The event caused a significant decline in the value of NEM and other cryptocurrencies.

The incidents described in this article are a reminder of the ongoing and changing threat of cybercrime in the cryptocurrency industry. Despite the innovation of blockchain technology, the security of digital assets remains a critical concern. Each breach highlights the importance of strict security protocols and constant vigilance.

Risk Disclosure Statement

The information provided in this article is for educational and informational purposes only and should not be construed as financial, tax, or legal advice or recommendation. Dealing with virtual currencies involves significant risks, including the potential loss of your investment. We strongly recommend you obtain independent professional advice before making any financial decisions. The products and services offered by Tothemoon may not be suitable for all users and may not be available in certain countries or jurisdictions. The promotional materials do not guarantee any specific outcomes or profits from virtual trading. Past performance is not indicative of future results. It is important to read and understand the risks, which are explained in our Risk Disclosure Statement

Katya V.

Katya is one of Tothemoon's skilled content managers and a writer with a diverse background in content creation, editing, and digital marketing. With experience in several different industries, mostly blockchain and others like deep tech, they have refined their ability to craft compelling narratives and develop SEO strategies.